Purpose
Use OpenVPN in point-to-point (p2p) mode to join two LANs so that hosts in either LAN can talk to hosts in the other.
Each LAN contains one host with a static public IP address; OpenVPN is deployed on those two hosts, which forward traffic between their LAN and the tunnel.
Environment
Network | Static IP (WAN) | Internal network (LAN) | Deployed role |
---|---|---|---|
LAN 1 | 101.37.30.129 | 192.168.100.0/24 | OpenVPN server (the side that listens, proto tcp-server) |
LAN 2 | 43.139.100.167 | 172.17.0.0/24 | OpenVPN client (the side that connects, proto tcp-client) |
In p2p mode "server" and "client" only decide which side opens the TCP listener; the tunnel itself is symmetric.
System settings
Run the following on both the server host and the client host.
- Enable IP forwarding, persistently and without a reboot:
vim /etc/sysctl.conf # add the line: net.ipv4.ip_forward = 1
sysctl -p
- Allow forwarded traffic through the tunnel. When the FORWARD chain policy is DROP both directions are needed: -i tun+ matches packets arriving from the tunnel, -o tun+ matches the replies leaving through it (neither rule is required if the policy is already ACCEPT). If the INPUT chain is filtered, also open tcp/1194 on the server host, which is the side that listens.
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -o tun+ -j ACCEPT
- Install OpenVPN:
apt install openvpn # or "yum install openvpn" on RHEL-family systems
OpenVPN configuration
Create an openvpn.conf on the server and on the client with the contents below. The two files mirror each other: the server listens (proto tcp-server) and the client connects (proto tcp-client), the two ifconfig addresses are swapped, and each side's route line points at the other side's LAN. The remote line on the tcp-server side makes OpenVPN reject TCP connections that do not come from 43.139.100.167, but that is the only access control here: with auth none and neither secret nor TLS configured, the tunnel has no HMAC and no encryption, so everything crossing it can be read and modified by anyone on the path between the two hosts. Treat this as a connectivity test on a trusted network, not as a production link.
Server configuration
auth none
dev tun
proto tcp-server
lport 1194
remote 43.139.100.167
rport 1194
ifconfig 10.200.0.2 10.200.0.1
route 172.17.0.0 255.255.255.0
user nobody
# "nogroup" is the Debian/Ubuntu name; RHEL-family systems use "group nobody"
group nogroup
persist-tun
persist-key
keepalive 10 60
ping-timer-rem
verb 3
daemon
# log-append opens the file as root before privileges are dropped; keep it out of the world-writable /tmp
log-append /var/log/openvpn.log
Client configuration
auth none
dev tun
proto tcp-client
lport 1194
remote 101.37.30.129
rport 1194
ifconfig 10.200.0.1 10.200.0.2
route 192.168.100.0 255.255.255.0
user nobody
# "nogroup" is the Debian/Ubuntu name; RHEL-family systems use "group nobody"
group nogroup
persist-tun
persist-key
keepalive 10 60
ping-timer-rem
verb 3
daemon
# log-append opens the file as root before privileges are dropped; keep it out of the world-writable /tmp
log-append /var/log/openvpn.log
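The script below is an added example; it is not part of the original page or of the OpenVPN project. It emits the same mirrored pair of p2p configuration files as above, built from the addresses in the table, but with the tunnel authenticated and encrypted by a pre-shared static key instead of auth none: the key is generated once with openvpn --genkey secret /etc/openvpn/static.key (on releases before OpenVPN 2.5: openvpn --genkey --secret /etc/openvpn/static.key) and copied to the other host over SSH, auth SHA256 replaces auth none, and an explicit CBC cipher is set because static-key mode does not support AEAD (GCM) ciphers. check_pair then verifies that the two files really mirror each other and that neither still carries auth none or lacks a secret line. The key path /etc/openvpn/static.key, the log path /var/log/openvpn.log and the file names server.conf and client.conf are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page or the OpenVPN project: emit a
# mirrored pair of p2p configs in which the tunnel is authenticated and
# encrypted with a pre-shared static key. Assumed paths: the key at
# /etc/openvpn/static.key (create it once with
#   openvpn --genkey secret /etc/openvpn/static.key
# and copy it to the peer over SSH) and the log at /var/log/openvpn.log.

# gen_p2p_conf ROLE PEER_WAN LOCAL_TUN REMOTE_TUN REMOTE_LAN
#   ROLE       server (listens, proto tcp-server) or client (connects)
#   PEER_WAN   the other host's static address
#   REMOTE_LAN the other site's /24 network address
gen_p2p_conf() {
    role=$1; peer_wan=$2; local_tun=$3; remote_tun=$4; remote_lan=$5
    case "$role" in
        server) proto=tcp-server ;;
        client) proto=tcp-client ;;
        *) echo "gen_p2p_conf: ROLE must be server or client" >&2; return 1 ;;
    esac
    cat <<EOF
dev tun
proto $proto
lport 1194
remote $peer_wan
rport 1194
ifconfig $local_tun $remote_tun
route $remote_lan 255.255.255.0
# pre-shared key: replaces the unauthenticated, unencrypted tunnel
secret /etc/openvpn/static.key
# static-key mode cannot use AEAD (GCM) ciphers: CBC plus HMAC-SHA256 instead of "auth none"
cipher AES-256-CBC
auth SHA256
user nobody
group nogroup
persist-tun
persist-key
keepalive 10 60
ping-timer-rem
verb 3
daemon
log-append /var/log/openvpn.log
EOF
}

# write_site_confs DIR: the page's two sites (LAN 1 host listens, LAN 2 host connects)
write_site_confs() {
    dir=${1:-.}
    gen_p2p_conf server 43.139.100.167 10.200.0.2 10.200.0.1 172.17.0.0    > "$dir/server.conf"
    gen_p2p_conf client 101.37.30.129  10.200.0.1 10.200.0.2 192.168.100.0 > "$dir/client.conf"
}

# check_pair SERVER_CONF CLIENT_CONF: returns 0 when the two files mirror each
# other (opposite proto, swapped ifconfig addresses) and both carry a secret
# line and no "auth none"; otherwise prints the first problem and returns 1.
check_pair() {
    s=$1; c=$2
    s_local=$(awk '$1 == "ifconfig" { print $2 }' "$s")
    s_remote=$(awk '$1 == "ifconfig" { print $3 }' "$s")
    c_local=$(awk '$1 == "ifconfig" { print $2 }' "$c")
    c_remote=$(awk '$1 == "ifconfig" { print $3 }' "$c")
    if [ "$s_local" != "$c_remote" ] || [ "$s_remote" != "$c_local" ]; then
        echo "ifconfig addresses do not mirror each other"; return 1
    fi
    if ! grep -q '^proto tcp-server$' "$s" || ! grep -q '^proto tcp-client$' "$c"; then
        echo "proto must be tcp-server on one side and tcp-client on the other"; return 1
    fi
    for f in "$s" "$c"; do
        if ! grep -q '^secret ' "$f"; then
            echo "$f: no secret line, the tunnel would run in cleartext"; return 1
        fi
        if grep -q '^auth none$' "$f"; then
            echo "$f: auth none disables the HMAC"; return 1
        fi
    done
    return 0
}

# Usage on a workstation:
#   . ./gen-p2p.sh; write_site_confs out; check_pair out/server.conf out/client.conf
```

The key file is read while OpenVPN still runs as root, before user nobody takes effect; the persist-key option already present in the page's configs is what lets the process survive a SIGUSR1 restart without re-reading a file it can no longer open. Static-key mode is the smallest step up from a cleartext tunnel; for a long-lived site-to-site link, TLS mode is the better choice.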
Start OpenVPN and verify
Start the server and the client with the same command on each host:
openvpn --config ./openvpn.conf
Check the log (/var/log/openvpn.log in the configuration above) for "Initialization Sequence Completed", confirm with ip route that the route to the other LAN goes out through the tun interface, and then ping:
On the server (LAN 1)
ping 10.200.0.1 # the client's tun address
ping 172.17.0.2 # a host in LAN 2
On the client (LAN 2)
ping 10.200.0.2 # the server's tun address
ping 192.168.100.x # any host in LAN 1
The tun-to-tun ping only involves the two OpenVPN hosts. The ping into the other LAN additionally requires that the target host sends its replies back through its local OpenVPN host: that is automatic when the OpenVPN host is the LAN's default gateway; otherwise the target host (or the LAN gateway) needs static routes for 10.200.0.0/24 and for the other LAN via the OpenVPN host, or the ping will time out even though the tunnel is up.
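As an added example that is not part of the original page, the helper below turns the checks above into a script. route_dev and check_tunnel_routes parse the text of ip route show, so they can be exercised offline on the constructed sample embedded in the script; verify_p2p runs the live checks on an OpenVPN host. The sample addresses 192.168.100.1 (LAN 1 gateway) and 192.168.100.10 (the LAN 1 OpenVPN host's internal address) are constructed for the sample and do not come from the page.

```shell
#!/bin/sh
# Added example, not from the original page: verify on one OpenVPN host that
# the p2p tunnel installed the expected routes, then ping the peer's tun
# address and a host in the peer's LAN. The route parser takes the text of
# "ip route show" as an argument so it can be tested on constructed output.

# route_dev DEST "IP_ROUTE_OUTPUT": print the interface that carries DEST.
# DEST is matched exactly against the first field, e.g. "10.200.0.1",
# "172.17.0.0/24" or "default"; prints nothing when there is no such route.
route_dev() {
    printf '%s\n' "$2" | awk -v dst="$1" '
        $1 == dst { for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# check_tunnel_routes "IP_ROUTE_OUTPUT" REMOTE_TUN REMOTE_LAN_CIDR
# Returns 0 when both the peer's tun address and the peer's LAN are routed
# over a tun interface; otherwise prints what is wrong and returns 1.
check_tunnel_routes() {
    routes=$1; remote_tun=$2; remote_lan=$3; rc=0
    for dst in "$remote_tun" "$remote_lan"; do
        dev=$(route_dev "$dst" "$routes")
        case "$dev" in
            tun*) ;;
            "")   echo "no route to $dst (is openvpn running?)"; rc=1 ;;
            *)    echo "$dst is routed via $dev, not through the tunnel"; rc=1 ;;
        esac
    done
    return $rc
}

# verify_p2p REMOTE_TUN REMOTE_LAN_CIDR LAN_HOST: live check on one host.
#   LAN 1 (server) host:  verify_p2p 10.200.0.1 172.17.0.0/24 172.17.0.2
#   LAN 2 (client) host:  verify_p2p 10.200.0.2 192.168.100.0/24 <host in LAN 1>
# The LAN_HOST ping only succeeds when that host routes its replies back
# through its own OpenVPN host (default gateway or static route).
verify_p2p() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward)" = 1 ] || echo "warning: net.ipv4.ip_forward is 0"
    check_tunnel_routes "$(ip route show)" "$1" "$2" || return 1
    if ping -c 3 -W 2 "$1" >/dev/null; then
        echo "peer tun address $1 reachable"
    else
        echo "peer tun address $1 unreachable: check the openvpn log on both hosts"; return 1
    fi
    if ping -c 3 -W 2 "$3" >/dev/null; then
        echo "remote LAN host $3 reachable"
    else
        echo "remote LAN host $3 unreachable: check its return route to $2's OpenVPN host"; return 1
    fi
}

# Constructed sample of "ip route show" on the LAN 1 host after the tunnel is
# up (the ifconfig line adds the host route to the peer, the route line adds
# the remote LAN); 192.168.100.1 and 192.168.100.10 are made up for the sample.
SAMPLE_ROUTES_UP='default via 192.168.100.1 dev eth0
10.200.0.1 dev tun0 proto kernel scope link src 10.200.0.2
172.17.0.0/24 via 10.200.0.1 dev tun0
192.168.100.0/24 dev eth0 proto kernel scope link src 192.168.100.10'

# The same host before openvpn has been started.
SAMPLE_ROUTES_DOWN='default via 192.168.100.1 dev eth0
192.168.100.0/24 dev eth0 proto kernel scope link src 192.168.100.10'

# Usage on the LAN 1 host once both sides are running:
#   . ./verify-p2p.sh; verify_p2p 10.200.0.1 172.17.0.0/24 172.17.0.2
```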